Security Test: High number of Secrets¶
Scanner(s) Support¶
| GraphQL Scanner | REST Scanner | Frontend Scanner |
|---|---|---|
Description¶
Default Severity:
When secrets management is not properly implemented, sensitive credentials like API keys, tokens, and passwords can leak to the public. It may lead to data breaches, unauthorized access, financial loss and even legal penalties.
Configuration¶
Identifier:
sensitive_data/high_number_of_secrets
Examples¶
All configuration available:
checks:
sensitive_data/high_number_of_secrets:
skip: false # default
options:
detection_threshold: 1 # default
Increase the Detection Threshold
Options¶
Options can be set in the options key of the Security Test Configuration.
| Property | Type | Default | Description |
|---|---|---|---|
detection_threshold | number | 1 |
Compliance and Standards¶
| Standard | Value |
|---|---|
| OWASP API Top 10 | API7:2023 |
| OWASP LLM Top 10 | LLM06:2023 |
| PCI DSS | 6.5.3 |
| GDPR | Article-32 |
| SOC2 | CC6 |
| PSD2 | Article-95 |
| ISO 27001 | A.9.4 |
| NIST | SP800-53 |
| FedRAMP | SC-12 |
| CWE | 200 |
| CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:H/RL:O/RC:C |
| CVSS Score | 8.2 |